Check for policies in app_gw

Jens Langhammer 2019-03-21 14:53:47 +01:00
parent 25a5d8f5da
commit 5b8e3689ec


@ -13,6 +13,8 @@ from revproxy.utils import encode_items, normalize_request_headers
from passbook.app_gw.models import ApplicationGatewayProvider from passbook.app_gw.models import ApplicationGatewayProvider
from passbook.core.models import Application from passbook.core.models import Application
from passbook.core.policies import PolicyEngine
from passbook.core.views.utils import PermissionDeniedView
IGNORED_HOSTNAMES_KEY = 'passbook_app_gw_ignored' IGNORED_HOSTNAMES_KEY = 'passbook_app_gw_ignored'
LOGGER = getLogger(__name__) LOGGER = getLogger(__name__)
@ -127,16 +129,22 @@ class ApplicationGatewayMiddleware:
.. versionadded:: 0.9.8 .. versionadded:: 0.9.8
""" """
request_headers = self.get_proxy_request_headers(self.request) request_headers = self.get_proxy_request_headers(self.request)
if hasattr(self.request, 'user') and self.request.user.is_active:
request_headers[self.app_gw.authentication_header] = self.request.user.get_username() request_headers[self.app_gw.authentication_header] = self.request.user.get_username()
LOGGER.info("REMOTE_USER set") LOGGER.info("%s set", self.app_gw.authentication_header)
return request_headers return request_headers
# def get_quoted_path(self, path): def check_permission(self):
# """Return quoted path to be used in proxied request""" """Check if user is authenticated and has permission to access app"""
# return quote_plus(path.encode('utf8'), QUOTE_SAFE) if not hasattr(self.request, 'user'):
return False
if not self.request.user.is_authenticated:
return False
policy_engine = PolicyEngine(self.app_gw.application.policies.all())
policy_engine.for_user(self.request.user).with_request(self.request).build()
passing, _messages = policy_engine.result
return passing
def get_encoded_query_params(self): def get_encoded_query_params(self):
"""Return encoded query params to be used in proxied request""" """Return encoded query params to be used in proxied request"""
@ -206,6 +214,9 @@ class ApplicationGatewayMiddleware:
def dispatch(self, request): def dispatch(self, request):
"""Build proxied request and pass to upstream""" """Build proxied request and pass to upstream"""
if not self.check_permission():
return PermissionDeniedView.as_view()(request)
self._request_headers = self.get_request_headers() self._request_headers = self.get_request_headers()
# redirect_to = self._format_path_to_redirect(request) # redirect_to = self._format_path_to_redirect(request)
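Review bot: `check_permission` gates on `is_authenticated`, but `get_request_headers` only sets `self.app_gw.authentication_header` when `is_active` is true, so an authenticated but inactive user who passes the policies is proxied without the gateway setting that header. If `get_proxy_request_headers` forwards client headers unchanged (its body is not visible here), a client-supplied value of the same header would then reach the upstream, which presumably trusts it as the user identity. I would discard any incoming value before the `if`, e.g. `request_headers.pop(self.app_gw.authentication_header, None)` (adjusted to however the header names are normalised), and add `if not self.request.user.is_active: return False` to `check_permission` so the two checks agree. `get_request_headers` starts before its hunk and `dispatch` continues past the last visible line.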